Pre-Settlement Flash Audit for Sydney Conveyancers: Detect Settlement Hijack Indicators Before Funds Move

The file has been workshopped for weeks. Two days before settlement, a payment-direction change arrives that looks routine — same firm letterhead, same case reference, slightly different destination account. Your Digital Signing Certificate is the last line of defence between that instruction and an irreversible PEXA transfer. The Pre-Settlement Flash Audit is a one-shot diagnostic that surfaces the structural indicators most often present on a settlement-hijack attempt before you sign.

Why it matters now

Settlement hijack — the redirection of settlement proceeds via compromised or impersonated party communications — sits squarely inside the conduct that ARNECC’s Model Participation Rules govern. Under the Electronic Conveyancing National Law, Subscribers must comply with Participation Rules determined by the Registrar in each State and Territory, which in New South Wales are administered by the Registrar General. Version 7 of the Model Participation Rules (published January 2024) carries forward Subscriber obligations covering identity verification of clients, verification of the right to deal, retention of supporting evidence, and security of the Subscriber’s Digital Signing Certificate. The Australian Cyber Security Centre publishes separate guidance on the email-compromise techniques typically used to engineer these redirections at https://www.cyber.gov.au/. A Sydney conveyancer who signs a Financial Settlement Schedule on the strength of an unverified instruction change carries the compliance and trust-account exposure regardless of how convincing the impersonation looked.

The 5-minute view

• ARNECC’s Model Participation Rules apply to all Subscribers on an Electronic Lodgment Network, including Sydney conveyancers operating on PEXA, and are determined as binding Participation Rules by the NSW Registrar General under the Electronic Conveyancing National Law.
• Version 7 of the Model Participation Rules, published by ARNECC in January 2024, is the current model framework.
• The Model Participation Rules require Subscribers to verify the identity of their client, establish the right to deal, retain supporting evidence, and secure their Digital Signing Certificate against unauthorised use.
• Settlement hijack typically combines a compromised or spoofed email channel with a last-minute change to payment-direction or financial-settlement instructions, exploiting the narrow window between Financial Settlement Schedule lock-in and settlement.
• Out-of-band verification — a phone call to a previously known number, not a number supplied in the suspect email — is the control most consistently recommended by the Australian Cyber Security Centre for instruction changes received electronically.
• A pre-settlement audit reviews the indicators present on one specific file: sender authentication on the inbound mail chain, the prior correspondence pattern of the counterparty, and the structure of any instruction changes against known hijack signatures.
• Once a PEXA financial settlement executes, reversal is a recovery exercise rather than a stop-payment, which is why the control point sits in the verification window before signing.

What DRMO does about it

The Pre-Settlement Flash Audit is a single-transaction diagnostic scoped to one Sydney settlement file. You submit the file reference, the email correspondence chain covering payment directions and any instruction changes, and the counterparty details. We run a fixed-scope review covering: SPF, DKIM and DMARC authentication results on the inbound mail chain; the counterparty’s prior correspondence pattern with your firm (signature consistency, prior account details, change history); the structure of the instruction change against published settlement-hijack indicators; and a mapping of the recommended verification steps to the Subscriber obligations in the ARNECC Model Participation Rules. This is operational support for your existing Participation Rule obligations — it is not legal advice and does not replace your own verification of the right to deal.

This is the same diagnostic that runs as a step in the broader Pre-Settlement Shield engagement, productised here for single-transaction use without a discovery call.

The deliverable

• 15-page PDF audit report scoped to one Sydney settlement file
• Executive summary with a Red / Amber / Green status and the recommended next action before signing
• Per-indicator review with the underlying email evidence cited inline
• Verification checklist mapped to the relevant Subscriber obligations under the ARNECC Model Participation Rules
• Delivered via email within 1 business day of file submission and payment

CTA

Run the Pre-Settlement Flash Audit — AUD $499

A single-transaction productised offer. No discovery call required. Suitable for any Sydney conveyancing file where a payment direction or financial settlement instruction has been issued, changed, or confirmed by email in the days before settlement.

Sources

1. Australian Registrars’ National Electronic Conveyancing Council — Model Participation Rules (Version 7, January 2024): https://www.arnecc.gov.au/publications/model-participation-rules/
2. Australian Cyber Security Centre — general guidance on business email compromise and payment-redirection techniques: https://www.cyber.gov.au/
3. PEXA Group Limited — Electronic Lodgment Network operator (Subscriber workflow context): https://www.pexa.com.au/

DRMO capability references:

• Pre-Settlement Flash Audit (L2 service shape, single-transaction productised offer)
• Pre-Settlement Shield (L3 consulting engagement, of which this diagnostic forms one step)